CN111259409A - Information encryption method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN111259409A
Authority
CN
China
Prior art keywords
encrypted
field name
data
field
name list
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010017431.4A
Other languages
Chinese (zh)
Inventor
邹定中
周文
张树凡
范兆冰
田地
张磊
袁冲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ByteDance Network Technology Co Ltd
Original Assignee
Beijing ByteDance Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing ByteDance Network Technology Co Ltd filed Critical Beijing ByteDance Network Technology Co Ltd
Priority to CN202010017431.4A priority Critical patent/CN111259409A/en
Publication of CN111259409A publication Critical patent/CN111259409A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an information encryption method, an information encryption device, electronic equipment and a storage medium. The information encryption method comprises the following steps: acquiring a field name list to be encrypted; creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted; matching each regular expression with the information to be encrypted to obtain the data to be encrypted in the information to be encrypted; and encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data. When desensitization is carried out on information to be encrypted, a regular expression corresponding to each field name to be encrypted is created according to a field name list to be encrypted, each regular expression is matched with the information to be encrypted to obtain data to be encrypted in the information to be encrypted, the data to be encrypted is identified through the field names to be encrypted, desensitization processing efficiency is remarkably improved, desensitization is already finished when logs are output in real time and stored, and therefore safety of the data to be encrypted is improved.

Description

Information encryption method and device, electronic equipment and storage medium
Technical Field
The embodiment of the disclosure relates to the technical field of data processing, and in particular, to an information encryption method and apparatus, an electronic device, and a storage medium.
Background
The payment field usually involves some sensitive data of the user, such as a bank card number, a mobile phone number or an identification number, so it is very important to protect the sensitive data of the user in the payment field. For the payment system, the system state needs to be recorded by logging, and information in the log usually contains content requested by a user, so the key point of privacy protection is to remove sensitive content in the log.
Current approaches to log desensitization typically include a first approach, in which pattern recognition is performed on the sensitive content, and a second approach, in which user query permissions are controlled when logs are queried on a log platform. Both pattern recognition and user permission control operate on non-desensitized logs that are stored locally or on a cloud server.
In the process of implementing the present disclosure, the inventors found that the following defects exist in the prior art: the first approach has to specifically identify the value of each sensitive field in the sensitive content, and the feature types of sensitive field values are complex, so desensitization efficiency suffers; in the second approach, when permissions are set incorrectly, there is a security risk of sensitive content leaking. The log desensitization approaches in the prior art therefore do not meet the actual requirements of users in terms of processing efficiency and security.
Disclosure of Invention
The embodiment of the disclosure provides an information encryption method, an information encryption device, electronic equipment and a storage medium, so as to realize desensitization to logs.
In a first aspect, an embodiment of the present disclosure provides a log desensitization method, including: acquiring a field name list to be encrypted, wherein the field name list to be encrypted comprises a plurality of field names to be encrypted and an encryption mode corresponding to each field name to be encrypted;
creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted;
matching each regular expression with the information to be encrypted to obtain the data to be encrypted in the information to be encrypted;
and encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data.
In a second aspect, an embodiment of the present disclosure further provides a log desensitization apparatus, including:
a to-be-encrypted field name list acquisition module, configured to acquire a field name list to be encrypted, wherein the field name list to be encrypted comprises a plurality of field names to be encrypted and an encryption mode corresponding to each field name to be encrypted;
the regular expression acquisition module is used for creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted;
the data to be encrypted acquisition module is used for matching each regular expression with the information to be encrypted to acquire the data to be encrypted in the information to be encrypted;
and the encrypted data acquisition module is used for encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data.
In a third aspect, an embodiment of the present disclosure further provides an electronic device, where the electronic device includes:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement a method according to any embodiment of the present disclosure.
In a fourth aspect, embodiments of the present disclosure provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements a method according to any of the embodiments of the present disclosure.
The embodiment of the disclosure provides a log desensitization method and device, electronic equipment and a storage medium. In the embodiment, when desensitization is performed on information to be encrypted, a regular expression corresponding to each field name to be encrypted is created according to a field name list to be encrypted, each regular expression is matched with the information to be encrypted to obtain data to be encrypted in the information to be encrypted, the data to be encrypted is identified through the field names to be encrypted, desensitization processing efficiency is remarkably improved, and desensitization is already completed when logs are output in real time and stored, so that safety of the data to be encrypted is improved.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale.
FIG. 1 is a flow chart of a method of desensitizing a log provided by an embodiment of the present disclosure;
FIG. 2 is a flow chart of another log desensitization method provided by embodiments of the present disclosure;
FIG. 3 is a schematic structural diagram of a desensitization apparatus for logs according to an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that references to "a", "an", and "the" modifications in this disclosure are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that "one or more" may be used unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
Fig. 1 is a flowchart of a log desensitization method provided in an embodiment of the present disclosure, where the embodiment of the present disclosure is applicable to a situation of desensitizing information to be encrypted that includes sensitive content, and the method may be executed by an information encryption apparatus provided in an embodiment of the present disclosure, where the apparatus may be implemented in software and/or hardware, and may be generally integrated in a computer device. The method of the embodiment of the disclosure specifically comprises the following steps:
Optionally, as shown in FIG. 1, the method in the embodiment of the present disclosure may include the following steps:
Step 101, a list of field names to be encrypted is obtained.
The field name list to be encrypted comprises a plurality of field names to be encrypted and an encryption mode corresponding to each field name to be encrypted.
Specifically, in this embodiment, the initially configured field name list to be encrypted may first be obtained. The field names to be encrypted contained in the list are obtained by collecting historical data; for example, the field names to be encrypted may specifically be a telephone number, an identity card number, a bank card number, a Chinese passport, a mailbox, and a Hong Kong colleague certificate.
In the field name list to be encrypted, each field name to be encrypted has a corresponding encryption mode, and the encryption mode may replace the data to be encrypted corresponding to the field name to be encrypted in a preset manner. For example, the encryption mode corresponding to the field name to be encrypted "phone number" is: replace all of the data to be encrypted corresponding to that field name with a corresponding word; the encryption mode corresponding to the field name to be encrypted "ID card number" is: replace the first three digits and the last three digits of the field value in the data to be encrypted corresponding to that field name with a mark. Of course, this embodiment is described only by way of example and does not limit the specific form of the encryption mode; any mode that can encrypt the data to be encrypted corresponding to the field name to be encrypted is within the scope of the present application.
Step 102, a regular expression corresponding to each field name to be encrypted is created according to the field name list to be encrypted.
Optionally, creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted, where the regular expression includes: acquiring the name of the field to be encrypted contained in the field name list to be encrypted; and obtaining a regular expression corresponding to each field name to be encrypted according to each field name to be encrypted, the preset sensitive field value format and the preset terminator format.
Specifically, in this embodiment, the field names to be encrypted contained in the field name list to be encrypted are obtained, and the regular expressions for all the field names to be encrypted may be set in a uniform format. For example, the format of the regular expression is: field name to be encrypted + "[ data to be encrypted ] + [, }) ]", where "[, }) ]" represents the preset terminator format, and the data to be encrypted located between the field name to be encrypted and the preset terminator format represents the preset sensitive field value format. The regular expression in this embodiment can therefore locate the specific position of the data to be encrypted corresponding to the field name to be encrypted. The regular expression is compiled once during initialization rather than on every execution, which avoids the performance loss caused by repeated compilation.
In one specific implementation, the field names to be encrypted contained in the field name list to be encrypted are determined. According to the field name to be encrypted, the preset sensitive field value format and the preset terminator format, where the data to be encrypted lies between the field name "phone number" and the terminator, the regular expression corresponding to the field name to be encrypted "phone number" is obtained as: phone number + "[ data to be encrypted ] + [, }) ]". Similarly, the regular expression corresponding to the field name to be encrypted "identification card number" is obtained as: identification number + "[ data to be encrypted ] + [, }) ]". Since it is obtained in substantially the same way as the regular expression corresponding to the phone number, it is not described further in this embodiment.
Step 103, each regular expression is matched with the information to be encrypted to obtain the data to be encrypted in the information to be encrypted.
Optionally, matching each regular expression with the information to be encrypted to obtain the data to be encrypted in the information to be encrypted, where the method includes: acquiring first contents to be encrypted, which are identical to each regular expression, in the information to be encrypted; extracting second contents to be encrypted positioned between the field names to be encrypted and a preset terminator format in the first contents to be encrypted; and taking the second content to be encrypted as the data to be encrypted.
In one specific implementation, the information to be encrypted may specifically be a log to be desensitized, and the data to be encrypted corresponds to the sensitive content in that log. Suppose the information to be encrypted is obtained, with "phone number 1234567 of user Zhang" recorded on line 30 and "identification number 0987654321 of user Li Si" recorded on line 69. When the first regular expression, phone number + "[ data to be encrypted ] + [, }) ]", is matched with the information to be encrypted, the first content to be encrypted that matches the first regular expression, namely "phone number 1234567" on line 30, is obtained; the second content to be encrypted, "1234567", located between the field name to be encrypted "phone number" and the preset terminator format in the first content to be encrypted, is extracted and used as the data to be encrypted. Similarly, when the second regular expression, identification number + "[ data to be encrypted ] + [, }) ]", is matched with the information to be encrypted, the first content to be encrypted that matches the second regular expression, namely "identification number 0987654321" on line 69, is obtained; the second content to be encrypted, "0987654321", located between the field name to be encrypted "identification number" and the preset terminator format in the first content to be encrypted, is extracted and used as the data to be encrypted.
It should be noted that, in this embodiment, when the regular expression corresponding to each field name to be encrypted is matched with the information to be encrypted, multiple regular expressions may be concurrently and simultaneously matched, or multiple regular expressions may be sequentially matched according to a preset sequence.
Step 104, the data to be encrypted is encrypted according to the field name list to be encrypted to obtain encrypted data.
Optionally, encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data may include: determining the name of a field to be encrypted corresponding to the data to be encrypted; inquiring an encryption mode corresponding to the field name to be encrypted from the field name list to be encrypted; and encrypting the data to be encrypted according to the encryption mode to obtain encrypted data.
For example, if the field name to be encrypted corresponding to the data to be encrypted "1234567" is determined to be "phone number", the encryption mode corresponding to the field name "phone number" is looked up in the field name list to be encrypted and found to be: replace all of the data to be encrypted corresponding to the field name with the corresponding word. The data to be encrypted "1234567" is encrypted into the word according to this encryption mode, thereby obtaining the encrypted data. If the field name to be encrypted corresponding to the data to be encrypted "0987654321" is determined to be "identification number", the encryption mode corresponding to the field name "identification number" is looked up in the field name list to be encrypted and found to be: replace the first three digits and the last three digits of the field value in the data to be encrypted corresponding to the field name with the symbol ". about.". The data to be encrypted "0987654321" is encrypted into ". about. 7654. about." according to this encryption mode, thereby obtaining the encrypted data.
Optionally, the method may further include: storing the encrypted data locally; and sending the encrypted data to a cloud server for storage in the cloud.
Specifically, in the embodiment, the information to be encrypted is encrypted and then stored, so that the content in the cloud server viewed by the user through the log retrieval platform is a desensitized log, and even if the authority setting is wrong, an unauthorized user can view the content in the cloud server but cannot view the data to be encrypted in the log, so that the security of the data to be encrypted is improved.
The embodiment of the disclosure provides a log desensitization method, when desensitization is performed on information to be encrypted, a regular expression corresponding to each field name to be encrypted is created according to a field name list to be encrypted, each regular expression is matched with the information to be encrypted to obtain data to be encrypted in the information to be encrypted, the data to be encrypted is identified through the field names to be encrypted, desensitization processing efficiency is remarkably improved, and desensitization is already completed when logs are output and stored in real time, so that safety of the data to be encrypted is improved.
FIG. 2 is a flow chart of another desensitization method provided by the embodiments of the present disclosure. This embodiment may be combined with each optional solution in the above embodiments. In this embodiment, the method further includes: obtaining the missing field name to be encrypted by performing pattern recognition on the encrypted data, and updating the field name list to be encrypted according to the missing field name to be encrypted.
As shown in fig. 2, the method of the embodiment of the present disclosure specifically includes:
Step 201, a list of field names to be encrypted is obtained.
Step 202, creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted.
Step 203, matching each regular expression with the information to be encrypted to obtain the data to be encrypted in the information to be encrypted.
Step 204, encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data.
Step 205, obtaining the missing field name to be encrypted by performing pattern recognition on the encrypted data, and updating the field name list to be encrypted according to the missing field name to be encrypted.
Optionally, pattern recognition is performed on the encrypted data to obtain a pattern recognition result; when it is determined from the pattern recognition result that a missing field name to be encrypted exists, an alarm prompt is sent; and the missing field name to be encrypted is added to the field name list to be encrypted according to the alarm prompt, updating the field name list to be encrypted.
Specifically, desensitization verification can be performed on the locally stored encrypted data by means of pattern recognition, that is, the data is checked against the patterns of sensitive field values to detect whether any field name to be encrypted has been missed. For example, when pattern recognition determines that the field name to be encrypted "address" has been missed, an alarm prompt "the field name "address" to be encrypted" is sent out, and the field name to be encrypted "address" is added to the field name list to be encrypted according to the alarm prompt, so as to update the field name list to be encrypted.
Optionally, adding the missing field name to be encrypted to the field name list to be encrypted according to the alarm prompt, and after updating the field name list to be encrypted, the method may further include: configuring an encryption mode corresponding to the omitted field name to be encrypted in the updated field name list to be encrypted; and creating a regular expression corresponding to the missing field name to be encrypted.
For example, if the missing field name to be encrypted is "address", then after it is added to the field name list to be encrypted, an encryption mode corresponding to "address" needs to be configured in the updated field name list to be encrypted. The encryption mode may specifically be: replace the residential community, building name and house number in the data to be encrypted corresponding to the field name to be encrypted with a mark. A regular expression corresponding to "address" may also be created in substantially the same manner as described in step 102, so details are not repeated in this embodiment.
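Steps 101 to 104 and the step 205 verification pass, as an added Python example that is not code from the patent. The `key=value` / JSON log layout, the `*` mask symbol, the separator and value character classes, the end-of-line terminator and the two audit detectors are all assumptions chosen for illustration; the log lines are constructed.

```python
import re

MASK = "*"  # assumed mask symbol; the symbol printed on the page is garbled

def mask_all(value):
    """Encryption mode: replace every character of the value."""
    return MASK * len(value)

def mask_edges(value, n=3):
    """Encryption mode: replace the first n and last n characters."""
    if len(value) <= 2 * n:          # nothing would stay visible: mask it all
        return MASK * len(value)
    return MASK * n + value[n:-n] + MASK * n

# Step 101: field name list to be encrypted, each name with its encryption mode.
FIELD_MODES = {"phone_number": mask_all, "id_number": mask_edges}

# Assumed log layout: name, optional quote, ':' or '=', optional quote, value.
SEPARATOR = r'["\']?\s*[:=]\s*["\']?'
VALUE = r'[^,})"\']+'                       # value runs up to the terminator
TERMINATOR = r'(?=["\']?\s*(?:[,})]|$))'    # page's set [,})] plus end of line

def compile_rules(field_modes):
    """Step 102: one regex per field name, compiled once at initialisation."""
    return {
        name: re.compile("(" + re.escape(name) + SEPARATOR + ")(" + VALUE + ")" + TERMINATOR)
        for name in field_modes
    }

def desensitize(line, rules, field_modes):
    """Steps 103-104: find each value by its field name, apply that name's mode."""
    for name, rx in rules.items():
        mode = field_modes[name]
        line = rx.sub(lambda m, mode=mode: m.group(1) + mode(m.group(2)), line)
    return line

# Step 205: value-shaped detectors, used only to audit already-desensitized
# output. Hits are alerts for review, not proof of a leak.
VALUE_PATTERNS = {
    "long digit run": re.compile(r"\d{7,}"),
    "email address": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}
KEY_BEFORE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)["\']?\s*[:=]\s*["\']?$')

def audit(lines, field_modes):
    """Return {missed field name: detector that fired} for desensitized lines."""
    missing = {}
    for line in lines:
        for label, rx in VALUE_PATTERNS.items():
            for m in rx.finditer(line):
                key = KEY_BEFORE.search(line[:m.start()])
                if key and key.group(1) not in field_modes:
                    missing.setdefault(key.group(1), label)
    return missing

def add_field(field_modes, rules, name, mode):
    """Configure a mode for the missed name and compile its regex once."""
    field_modes[name] = mode
    rules.update(compile_rules({name: mode}))

# Constructed sample log lines (not real data).
SAMPLE_LOG = [
    "INFO pay request {user=zhang, phone_number=1234567, amount=10}",
    'INFO kyc check {"user": "lisi", "id_number": "0987654321"}',
    "INFO notify (channel=mail, email=li.si@example.com)",
]

if __name__ == "__main__":
    modes = dict(FIELD_MODES)
    rules = compile_rules(modes)
    out = [desensitize(line, rules, modes) for line in SAMPLE_LOG]
    for name, why in audit(out, modes).items():
        print(f"ALERT: missing field name to be encrypted {name!r} ({why})")
        add_field(modes, rules, name, mask_all)
    print("\n".join(desensitize(line, rules, modes) for line in out))
```

Matching is by substring of the field name and a value with no terminator runs to end of line, so this sketch errs toward masking too much rather than too little.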
The embodiment of the disclosure provides a log desensitization method, when desensitization is performed on information to be encrypted, a regular expression corresponding to each field name to be encrypted is created according to a field name list to be encrypted, each regular expression is matched with the information to be encrypted to obtain data to be encrypted in the information to be encrypted, the data to be encrypted is identified through the field names to be encrypted, desensitization processing efficiency is remarkably improved, and desensitization is already completed when logs are output and stored in real time, so that safety of the data to be encrypted is improved. And the missing field names to be encrypted are obtained by carrying out pattern recognition on the encrypted data, and the field name list to be encrypted is updated according to the missing field names to be encrypted, so that the accuracy of log desensitization can be further improved.
Fig. 3 is a schematic structural diagram of an information encryption apparatus according to an embodiment of the present disclosure. The apparatus may be implemented in software and/or hardware and may generally be integrated in an electronic device performing the method. As shown in fig. 3, the apparatus may include:
a field name list to be encrypted obtaining module 301, configured to obtain a field name list to be encrypted, where the field name list to be encrypted includes a plurality of field names to be encrypted and an encryption mode corresponding to each field name to be encrypted;
a regular expression obtaining module 302, configured to create a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted;
the data to be encrypted obtaining module 303 is configured to match each regular expression with information to be encrypted, and obtain data to be encrypted in the information to be encrypted;
and the encrypted data obtaining module 304 is configured to encrypt the data to be encrypted according to the field name list to be encrypted to obtain encrypted data.
The embodiment of the disclosure provides an information encryption device, when desensitizing information to be encrypted, a regular expression corresponding to each field name to be encrypted is created according to a field name list to be encrypted, each regular expression is matched with the information to be encrypted to obtain data to be encrypted in the information to be encrypted, the data to be encrypted is identified through the field names to be encrypted, desensitization processing efficiency is remarkably improved, and desensitization is already completed when logs are output in real time and stored, so that security of the data to be encrypted is improved.
Further, the regular expression obtaining module 302 is specifically configured to:
acquiring the name of the field to be encrypted contained in the field name list to be encrypted;
and obtaining a regular expression corresponding to each field name to be encrypted according to each field name to be encrypted, the preset sensitive field value format and the preset terminator format.
Further, the to-be-encrypted data obtaining module 303 is specifically configured to:
acquiring first contents to be encrypted, which are identical to each regular expression, in the information to be encrypted;
extracting second contents to be encrypted positioned between the field names to be encrypted and a preset terminator format in the first contents to be encrypted;
and taking the second content to be encrypted as the data to be encrypted.
Further, the encrypted data obtaining module 304 is specifically configured to:
determining the name of a field to be encrypted corresponding to the data to be encrypted;
inquiring an encryption mode corresponding to the field name to be encrypted from the field name list to be encrypted;
and encrypting the data to be encrypted according to the encryption mode to obtain encrypted data.
Further, the apparatus further comprises:
the encrypted data storage module is used for locally storing the encrypted data;
and sending the encrypted data to a cloud server for storage in the cloud.
Further, the apparatus further comprises:
the field name list to be encrypted updating module is used for performing pattern recognition on the encrypted data to obtain a pattern recognition result;
when it is determined from the pattern recognition result that a missing field name to be encrypted exists, sending an alarm prompt;
and adding the missing field names to be encrypted into the field name list to be encrypted according to the alarm prompt, and updating the field name list to be encrypted.
Further, the apparatus further comprises:
the configuration module is used for configuring an encryption mode corresponding to the omitted field name to be encrypted in the updated field name list to be encrypted;
and creating a regular expression corresponding to the missing field name to be encrypted.
The log desensitization device provided by the embodiment of the present disclosure and the log desensitization method provided by the above embodiments belong to the same inventive concept; for technical details not described in detail in this embodiment, reference may be made to the above embodiments, and this embodiment has the same beneficial effects.
Referring now to FIG. 4, a block diagram of an electronic device 400 suitable for use in implementing embodiments of the present disclosure is shown. The electronic device in the embodiment of the present disclosure may be a device corresponding to a backend service platform of an application program, and may also be a mobile terminal device installed with an application program client. In particular, the electronic device may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle-mounted terminal (e.g., a car navigation terminal), etc., and a stationary terminal such as a digital TV, a desktop computer, etc. The electronic device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 4, electronic device 400 may include a processing device (e.g., central processing unit, graphics processor, etc.) 401 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)402 or a program loaded from a storage device 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the electronic apparatus 400 are also stored. The processing device 401, the ROM 402, and the RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
Generally, the following devices may be connected to the I/O interface 405: input devices 406 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 407 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 408 including, for example, tape, hard disk, etc.; and a communication device 409. The communication means 409 may allow the electronic device 400 to communicate wirelessly or by wire with other devices to exchange data. While fig. 4 illustrates an electronic device 400 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication device 409, or from the storage device 408, or from the ROM 402. The computer program performs the above-described functions defined in the methods of the embodiments of the present disclosure when executed by the processing device 401.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, the clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to perform: acquiring a field name list to be encrypted, wherein the field name list to be encrypted comprises a plurality of field names to be encrypted and an encryption mode corresponding to each field name to be encrypted; creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted; matching each regular expression with the information to be encrypted to obtain the data to be encrypted in the information to be encrypted; and encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data.
Computer program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including but not limited to an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. The name of a unit does not, in some cases, constitute a limitation on the unit itself.
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In accordance with one or more embodiments of the present disclosure, there is provided a method of desensitizing a log, the method comprising:
acquiring a field name list to be encrypted, wherein the field name list to be encrypted comprises a plurality of field names to be encrypted and an encryption mode corresponding to each field name to be encrypted;
creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted;
matching each regular expression with the information to be encrypted to obtain the data to be encrypted in the information to be encrypted;
and encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data.
According to one or more embodiments of the present disclosure, in the above method, creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted includes:
acquiring the name of the field to be encrypted contained in the field name list to be encrypted;
and obtaining a regular expression corresponding to each field name to be encrypted according to each field name to be encrypted, the preset sensitive field value format and the preset terminator format.
According to one or more embodiments of the present disclosure, in the above method, matching each regular expression with information to be encrypted to obtain data to be encrypted in the information to be encrypted, includes:
acquiring first content to be encrypted, in the information to be encrypted, that matches each regular expression;
extracting second contents to be encrypted positioned between the field names to be encrypted and a preset terminator format in the first contents to be encrypted;
and taking the second content to be encrypted as the data to be encrypted.
According to one or more embodiments of the present disclosure, in the method, encrypting data to be encrypted according to a field name list to be encrypted to obtain encrypted data includes:
determining the name of a field to be encrypted corresponding to the data to be encrypted;
inquiring an encryption mode corresponding to the field name to be encrypted from the field name list to be encrypted;
and encrypting the data to be encrypted according to the encryption mode to obtain encrypted data.
According to one or more embodiments of the present disclosure, the method further includes:
storing the encrypted data locally;
and sending the encrypted data to a cloud server for storage in the cloud.
According to one or more embodiments of the present disclosure, the method further includes:
pattern recognition is carried out on the encrypted data to obtain a pattern recognition result;
sending an alarm prompt when it is determined, according to the pattern recognition result, that a missed field name to be encrypted exists;
and adding the missing field names to be encrypted into the field name list to be encrypted according to the alarm prompt, and updating the field name list to be encrypted.
According to one or more embodiments of the present disclosure, in the method, the adding the missing field name to be encrypted to the field name list to be encrypted according to the alarm prompt, and after updating the field name list to be encrypted, the method further includes:
configuring an encryption mode corresponding to the omitted field name to be encrypted in the updated field name list to be encrypted;
and creating a regular expression corresponding to the missing field name to be encrypted.
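The method summarized above, as an added Python example that is not part of the patent text: a regular expression is built per field name from a value format and a terminator format, the matched value is replaced according to the field's configured mode, and the output is scanned for values that still look sensitive so that the missed field name can be added to the list. The log layout, the mode names `hmac` and `mask` (stand-ins for the encryption modes), the demo key and the phone and e-mail recognisers are assumptions.

```python
import hashlib
import hmac
import re

# Assumption: demo key only; a real deployment loads it from a secret store.
KEY = b"constructed-demo-key"

# Field name list to be encrypted: field name -> encryption mode.
# The mode names "hmac" and "mask" are assumptions made for this example.
FIELD_LIST = {"password": "hmac", "id_card": "mask"}

# Assumed preset formats: a value is a run of non-terminator characters;
# a terminator is a quote, comma, ampersand, closing brace, whitespace or end.
VALUE_FORMAT = r"[^\"',&}\s]+"
TERMINATOR_FORMAT = r"[\"',&}\s]|$"

# Assumed recognisers for values that must not survive in clear text.
SENSITIVE_SHAPES = {
    "phone": re.compile(r"1[3-9]\d{9}"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}
NAMED_VALUE = re.compile(
    r"(?P<name>[\w-]+)[\"']?\s*[:=]\s*[\"']?(?P<value>" + VALUE_FORMAT + r")"
)


def build_pattern(field_name):
    """Field name + separator + value format + terminator format."""
    # re.escape keeps a configured name such as "a.b" from acting as regex
    # syntax; the lookbehind matches the name whole, so "old_password" needs
    # its own entry in the list.
    return re.compile(
        r"(?P<head>(?<![\w-])" + re.escape(field_name) + r"[\"']?\s*[:=]\s*[\"']?)"
        r"(?P<value>" + VALUE_FORMAT + r")(?=" + TERMINATOR_FORMAT + r")"
    )


def encrypt_value(value, mode):
    """Apply the mode configured for the field (stand-ins for real ciphers)."""
    if mode == "hmac":  # keyed, one-way token; equal inputs stay correlatable
        digest = hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()
        return "hmac:" + digest[:16]
    if mode == "mask":  # keep the last two characters for troubleshooting
        keep = value[-2:] if len(value) > 2 else ""
        return "*" * (len(value) - len(keep)) + keep
    raise ValueError("unknown encryption mode: " + mode)


def desensitize(line, field_list, patterns):
    """Replace only the value between the field name and the terminator."""
    for name, pattern in patterns.items():
        mode = field_list[name]
        line = pattern.sub(
            lambda m, mode=mode: m.group("head") + encrypt_value(m.group("value"), mode),
            line,
        )
    return line


def find_missed_fields(desensitized_line, field_list):
    """Pattern recognition on the output: names whose values still look sensitive."""
    missed = {}
    for m in NAMED_VALUE.finditer(desensitized_line):
        if m.group("name") in field_list:
            continue
        for shape, recogniser in SENSITIVE_SHAPES.items():
            if recogniser.fullmatch(m.group("value")):
                missed[m.group("name")] = shape
    return missed


def add_field(field_list, patterns, name, mode):
    """Update the list, configure the mode and create the new regex."""
    field_list[name] = mode
    patterns[name] = build_pattern(name)


# Constructed log line, not taken from the patent.
SAMPLE = ('ts=2020-01-08T10:00:01 user=alice password=Hunter2! '
          '{"id_card":"110101199003071234","mobile":"13800138000"}')


def demo():
    field_list = dict(FIELD_LIST)
    patterns = {name: build_pattern(name) for name in field_list}
    first = desensitize(SAMPLE, field_list, patterns)
    missed = find_missed_fields(first, field_list)  # the alarm condition
    for name in missed:
        add_field(field_list, patterns, name, "mask")
    second = desensitize(SAMPLE, field_list, patterns)
    return first, missed, second


if __name__ == "__main__":
    for item in demo():
        print(item)
```

On the first pass the `mobile` value is still in clear text because its name is not in the list; the scan reports it, and the second pass masks it once the name and its pattern have been added.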
According to one or more embodiments of the present disclosure, there is provided an information encryption apparatus including:
a to-be-encrypted field name list acquisition module, used for acquiring a field name list to be encrypted, wherein the field name list to be encrypted comprises a plurality of field names to be encrypted and an encryption mode corresponding to each field name to be encrypted;
the regular expression acquisition module is used for creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted;
the data to be encrypted acquisition module is used for matching each regular expression with the information to be encrypted to acquire the data to be encrypted in the information to be encrypted;
and the encrypted data acquisition module is used for encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data.
According to one or more embodiments of the present disclosure, the regular expression obtaining module in the apparatus is specifically configured to:
acquiring the name of the field to be encrypted contained in the field name list to be encrypted;
and obtaining a regular expression corresponding to each field name to be encrypted according to each field name to be encrypted, the preset sensitive field value format and the preset terminator format.
According to one or more embodiments of the present disclosure, the to-be-encrypted data obtaining module in the apparatus is specifically configured to:
acquiring first content to be encrypted, in the information to be encrypted, that matches each regular expression;
extracting second contents to be encrypted positioned between the field names to be encrypted and a preset terminator format in the first contents to be encrypted;
and taking the second content to be encrypted as the data to be encrypted.
According to one or more embodiments of the present disclosure, the encrypted data obtaining module in the apparatus is specifically configured to:
determining the name of a field to be encrypted corresponding to the data to be encrypted;
inquiring an encryption mode corresponding to the field name to be encrypted from the field name list to be encrypted;
and encrypting the data to be encrypted according to the encryption mode to obtain encrypted data.
According to one or more embodiments of the present disclosure, the apparatus further includes:
the encrypted data storage module is used for locally storing the encrypted data;
and sending the encrypted data to a cloud server for storage in the cloud.
According to one or more embodiments of the present disclosure, the apparatus further includes:
the to-be-encrypted field name list updating module is used for performing pattern recognition on the encrypted data to obtain a pattern recognition result;
sending an alarm prompt when it is determined, according to the pattern recognition result, that a missed field name to be encrypted exists;
and adding the missed field name to be encrypted into the field name list to be encrypted according to the alarm prompt, and updating the field name list to be encrypted.
According to one or more embodiments of the present disclosure, the apparatus further includes:
the configuration module is used for configuring an encryption mode corresponding to the omitted field name to be encrypted in the updated field name list to be encrypted;
and creating a regular expression corresponding to the missing field name to be encrypted.
According to one or more embodiments of the present disclosure, there is provided an electronic device including:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement a method of log desensitization according to any embodiment of the disclosure.
According to one or more embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements an information encryption method according to any of the embodiments of the present disclosure.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments in which any combination of the features described above or their equivalents does not depart from the spirit of the disclosure. For example, a technical solution may be formed by replacing the above features with features having similar functions disclosed in (but not limited to) this disclosure.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (10)

1. An information encryption method, comprising:
acquiring a field name list to be encrypted, wherein the field name list to be encrypted comprises a plurality of field names to be encrypted and an encryption mode corresponding to each field name to be encrypted;
creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted;
matching each regular expression with information to be encrypted to obtain data to be encrypted in the information to be encrypted;
and encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data.
2. The method of claim 1, wherein creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted comprises:
acquiring the name of the field to be encrypted contained in the field name list to be encrypted;
and obtaining a regular expression corresponding to each field name to be encrypted according to each field name to be encrypted, a preset field value format to be encrypted and a preset terminator format.
3. The method according to claim 2, wherein the matching each regular expression with information to be encrypted to obtain data to be encrypted in the information to be encrypted comprises:
acquiring first to-be-encrypted content, in the to-be-encrypted information, that matches each regular expression;
extracting a second content to be encrypted positioned between the field name to be encrypted and the preset terminator format in the first content to be encrypted;
and taking the second content to be encrypted as the data to be encrypted.
4. The method according to claim 1, wherein the encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data comprises:
determining the name of a field to be encrypted corresponding to the data to be encrypted;
inquiring an encryption mode corresponding to the field name to be encrypted from the field name list to be encrypted;
and encrypting the data to be encrypted according to the encryption mode to obtain the encrypted data.
5. The method of claim 1, further comprising:
storing the encrypted data locally;
and sending the encrypted data to a cloud server for storage in the cloud.
6. The method of claim 5, further comprising:
obtaining a pattern recognition result by performing pattern recognition on the encrypted data;
sending an alarm prompt when it is determined, according to the pattern recognition result, that a missed field name to be encrypted exists;
and adding the missed field names to be encrypted into the field name list to be encrypted according to the alarm prompt, and updating the field name list to be encrypted.
7. The method according to claim 6, wherein the adding the missing field name to be encrypted to the field name list to be encrypted according to the alarm prompt, and after updating the field name list to be encrypted, further comprising:
configuring an encryption mode corresponding to the missing field name to be encrypted in the updated field name list to be encrypted;
and creating a regular expression corresponding to the missing field name to be encrypted.
8. An information encryption apparatus, comprising:
a to-be-encrypted field name list acquisition module, used for acquiring a field name list to be encrypted, wherein the field name list to be encrypted comprises a plurality of field names to be encrypted and an encryption mode corresponding to each field name to be encrypted;
the regular expression acquisition module is used for creating a regular expression corresponding to each field name to be encrypted according to the field name list to be encrypted;
the data to be encrypted acquisition module is used for matching each regular expression with the information to be encrypted to acquire the data to be encrypted in the information to be encrypted;
and the encrypted data acquisition module is used for encrypting the data to be encrypted according to the field name list to be encrypted to obtain encrypted data.
9. An electronic device, characterized in that the electronic device comprises:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN202010017431.4A 2020-01-08 2020-01-08 Information encryption method and device, electronic equipment and storage medium Pending CN111259409A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010017431.4A CN111259409A (en) 2020-01-08 2020-01-08 Information encryption method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111259409A true CN111259409A (en) 2020-06-09

Family

ID=70945098

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010017431.4A Pending CN111259409A (en) 2020-01-08 2020-01-08 Information encryption method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111259409A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112100664A (en) * 2020-09-21 2020-12-18 国网辽宁省电力有限公司电力科学研究院 Power user information static data desensitization method based on regular expression verification
CN113821819A (en) * 2021-11-22 2021-12-21 深圳竹云科技有限公司 Data reading and writing method and device, electronic equipment and computer readable storage medium
CN115033914A (en) * 2022-05-30 2022-09-09 佳缘科技股份有限公司 Distributed dynamic desensitization method, system and storage medium
CN116842560A (en) * 2023-06-19 2023-10-03 北京泰镝科技股份有限公司 Sensitive information desensitization display method, device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20180075279A (en) * 2016-12-26 2018-07-04 주식회사 삼오씨엔에스 System for integrally analyzing and auditing heterogeneous personal information protection products
CN108829789A (en) * 2018-06-01 2018-11-16 平安普惠企业管理有限公司 Log processing method, device, computer equipment and storage medium
CN108959964A (en) * 2018-06-29 2018-12-07 阿里巴巴集团控股有限公司 A kind of method, apparatus and computer equipment for message desensitization
CN109726590A (en) * 2018-12-24 2019-05-07 平安普惠企业管理有限公司 System log desensitization method, desensitization system, computer equipment and storage medium
CN110232290A (en) * 2018-03-05 2019-09-13 中兴通讯股份有限公司 Log desensitization method, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200609